puppet 8.0.1-universal-darwin → 8.1.0-universal-darwin

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "June 2023" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -163,6 +163,20 @@ The port to use for the certificate authority\.
 .
 .IP "" 0
 .
+.SS "ca_refresh_interval"
+How often the Puppet agent refreshes its local CA certs\. By default the CA certs are refreshed once every 24 hours\. If a different duration is specified, then the agent will refresh its CA certs whenever it next runs and the elapsed time since the certs were last refreshed exceeds the duration\.
+.
+.P
+In general, the duration should be greater than the \fBruninterval\fR\. Setting it to 0 or an equal or lesser value than \fBruninterval\fR, will cause the CA certs to be refreshed on every run\.
+.
+.P
+If the agent downloads new CA certs, the agent will use it for subsequent network requests\. If the refresh request fails or if the CA certs are unchanged on the server, then the agent run will continue using the local CA certs it already has\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
+.
+.IP "\(bu" 4
+\fIDefault\fR: \fB1d\fR
+.
+.IP "" 0
+.
 .SS "ca_server"
 The server to use for certificate authority requests\. It\'s a separate server because it cannot and does not need to horizontally scale\.
 .
@@ -395,7 +409,7 @@ Prints the value of a specific configuration setting\. If the name of a setting
 How often the Puppet agent refreshes its local CRL\. By default the CRL is refreshed once every 24 hours\. If a different duration is specified, then the agent will refresh its CRL whenever it next runs and the elapsed time since the CRL was last refreshed exceeds the duration\.
 .
 .P
-In general, the duration should be greater than the \fBruninterval\fR\. Setting it to an equal or lesser value will cause the CRL to be refreshed on every run\.
+In general, the duration should be greater than the \fBruninterval\fR\. Setting it to 0 or an equal or lesser value than \fBruninterval\fR, will cause the CRL to be refreshed on every run\.
 .
 .P
 If the agent downloads a new CRL, the agent will use it for subsequent network requests\. If the refresh request fails or if the CRL is unchanged on the server, then the agent run will continue using the local CRL it already has\.This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
@@ -945,7 +959,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: \fBPuppet/8\.0\.0 Ruby/3\.1\.1\-p18 (x86_64\-linux)\fR
+\fIDefault\fR: \fBPuppet/8\.1\.0 Ruby/3\.1\.1\-p18 (x86_64\-linux)\fR
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "April 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "June 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v8\.0\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v8\.1\.0

data/spec/integration/application/agent_spec.rb

@@ -896,6 +896,55 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
          .and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
       end
     end
+
+    it "refreshes the CA and CRL" do
+      Puppet[:localcacert] = ca = tmpfile('ca')
+      Puppet[:hostcrl] = crl = tmpfile('crl')
+      copy_fixtures(%w[ca.pem intermediate.pem], ca)
+      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
+
+      now = Time.now
+      yesterday = now - (60 * 60 * 24)
+      Puppet::FileSystem.touch(ca, mtime: yesterday)
+      Puppet::FileSystem.touch(crl, mtime: yesterday)
+
+      server.start_server do |port|
+        Puppet[:serverport] = port
+        Puppet[:ca_refresh_interval] = 1
+
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(0)
+         .and output(/Info: Refreshed CA certificate: /).to_stdout
+      end
+
+      # If the CA is updated, then the CRL must be updated too
+      expect(Puppet::FileSystem.stat(ca).mtime).to be >= now
+      expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
+    end
+
+    it "refreshes only the CRL" do
+      Puppet[:hostcrl] = crl = tmpfile('crl')
+      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
+
+      now = Time.now
+      yesterday = now - (60 * 60 * 24)
+      Puppet::FileSystem.touch(crl, mtime: yesterday)
+
+      server.start_server do |port|
+        Puppet[:serverport] = port
+        Puppet[:crl_refresh_interval] = 1
+
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(0)
+         .and output(/Info: Refreshed CRL: /).to_stdout
+      end
+
+      expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
+    end
   end
 
   context "legacy facts" do
@@ -994,6 +1043,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
         expect {
           agent.run
         }.to exit_with(1)
+          .and output(/Info: Loading facts/).to_stdout
           .and output(
             match(/Error: Evaluation Error: Unknown variable: 'osfamily'/)
               .and match(/Error: Could not retrieve catalog from remote server: Error 500 on SERVER:/)

data/spec/unit/application/lookup_spec.rb

@@ -668,6 +668,7 @@ Searching for "a"
           expect {
             lookup.run_command
           }.to exit_with(0)
+           .and output(/This is in facts hash/).to_stdout
         end
       end
     end

data/spec/unit/http/service/ca_spec.rb

@@ -95,6 +95,18 @@ describe Puppet::HTTP::Service::Ca do
         expect(err.response.code).to eq(404)
       end
     end
+
+    it 'raises a 304 response error if it is unmodified' do
+      stub_request(:get, url).to_return(status: [304, 'Not Modified'])
+
+      expect {
+        subject.get_certificate('ca', if_modified_since: Time.now)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq("Not Modified")
+        expect(err.response.code).to eq(304)
+      end
+    end
   end
 
   context 'when getting CRLs' do

data/spec/unit/ssl/state_machine_spec.rb

@@ -30,7 +30,9 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
     Puppet[:daemonize] = false
     Puppet[:ssl_lockfile] = tmpfile('ssllock')
     allow(Kernel).to receive(:sleep)
-    allow_any_instance_of(Puppet::X509::CertProvider).to receive(:crl_last_update).and_return(Time.now + (5 * 60))
+    future = Time.now + (5 * 60)
+    allow_any_instance_of(Puppet::X509::CertProvider).to receive(:crl_last_update).and_return(future)
+    allow_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update).and_return(future)
   end
 
   def expected_digest(name, content)
@@ -396,6 +398,16 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       expect(File).to_not exist(Puppet[:localcacert])
     end
 
+    it 'skips CA refresh if it has not expired' do
+      Puppet[:ca_refresh_interval] = '1y'
+      Puppet::FileSystem.touch(Puppet[:localcacert], mtime: Time.now)
+
+      allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
+
+      # we're expecting a net/http request to never be made
+      state.next_state
+    end
+
     context 'when verifying CA cert bundle' do
       before :each do
         allow(cert_provider).to receive(:load_cacerts).and_return(nil)
@@ -436,6 +448,61 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
         expect(st.message).to eq("CA bundle with digest (SHA256) #{fingerprint} did not match expected digest WR:ON:G!")
       end
     end
+
+    context 'when refreshing a CA bundle' do
+      before :each do
+        Puppet[:ca_refresh_interval] = '1s'
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
+
+        yesterday = Time.now - (24 * 60 * 60)
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update).and_return(yesterday)
+      end
+
+      let(:new_ca_bundle) do
+        # add 'unknown' cert to the bundle
+        [cacert, cert_fixture('intermediate.pem'), cert_fixture('unknown-ca.pem')].map(&:to_pem)
+      end
+
+      it 'uses the local CA if it has not been modified' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 304)
+
+        expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
+      end
+
+      it 'uses the local CA if refreshing fails in HTTP layer' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 503)
+
+        expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
+      end
+
+      it 'uses the local CA if refreshing fails in TCP layer' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_raise(Errno::ECONNREFUSED)
+
+        expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
+      end
+
+      it 'uses the updated crl for the future requests' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
+
+        expect(state.next_state.ssl_context.cacerts.map(&:to_pem)).to eq(new_ca_bundle)
+      end
+
+      it 'updates the `last_update` time' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
+
+        expect_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update=).with(be_within(60).of(Time.now))
+
+        state.next_state
+      end
+
+      it 'forces the NeedCRLs to refresh' do
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
+
+        st = state.next_state
+        expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCRLs)
+        expect(st.force_crl_refresh).to eq(true)
+      end
+    end
   end
 
   context 'NeedCRLs' do
@@ -533,6 +600,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
 
       allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
 
+      # we're expecting a net/http request to never be made
       state.next_state
     end
 

data/spec/unit/x509/cert_provider_spec.rb

@@ -586,6 +586,32 @@ describe Puppet::X509::CertProvider do
     end
   end
 
+  context 'CA last update time' do
+    let(:ca_path) { tmpfile('pem_ca') }
+
+    it 'returns nil if the CA does not exist' do
+      provider = create_provider(capath: '/does/not/exist')
+
+      expect(provider.ca_last_update).to be_nil
+    end
+
+    it 'returns the last update time' do
+      time = Time.now - 30
+      Puppet::FileSystem.touch(ca_path, mtime: time)
+      provider = create_provider(capath: ca_path)
+
+      expect(provider.ca_last_update).to be_within(1).of(time)
+    end
+
+    it 'sets the last update time' do
+      time = Time.now - 30
+      provider = create_provider(capath: ca_path)
+      provider.ca_last_update = time
+
+      expect(Puppet::FileSystem.stat(ca_path).mtime).to be_within(1).of(time)
+    end
+  end
+
   context 'CRL last update time' do
     let(:crl_path) { tmpfile('pem_crls') }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 8.0.1
+  version: 8.1.0
 platform: universal-darwin
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-26 00:00:00.000000000 Z
+date: 2023-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -113,9 +113,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -123,9 +120,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: deep_merge
   requirement: !ruby/object:Gem::Requirement
@@ -2537,7 +2531,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.12
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool